Security Alert: Cloak and Dagger Android

May 30th, 2017

Security Alert:  Android "Cloak & Dagger" Vulnerability Uncovered

"Cloak and dagger" is a new kind of vulnerability affecting Android mobile devices (including the latest Android version, 7.1.2).  The vulnerability was discovered by computer scientists at Georgia Institute of Technology.  "Attacks allow a malicious app to completely control the UI feedback loop and take over the device – without giving the user a chance to notice the malicious activity," according to the researchers.

Risks arise largely from malicious code within pirated apps. The attack method has been reported to Google.

Steve Meek, President of The Fulcrum Group, commented: “This is a reminder any device that connects to wireless or your network could present a risk. Good risk management requires owners to not only review wireless and mobile device policies, but maintain awareness of threat intelligence resources to protect your organization from the ongoing barrage of threats.”

"We've been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer," a Google spokesman told The Reg.

"We have updated Google Play Protect - our security services on all Android devices with Google Play - to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward."

How You Can Protect Yourself and Your Organization

End User Security Awareness - making your users aware of vulnerabilities that can hit even mobile devices is key.  Advising users to ONLY download/install apps through the Google Play Store is another useful tip.

Organizations that believe in risk management should have regular IT security vulnerability assessments completed.  Small organizations might not need them as often, but should have one completed at least every 2-3 years, whereas a larger organization, one undergoing large-scale changes, or one bound by compliance might perform IT security vulnerability assessments monthly or quarterly.

Segregating mobile devices from your private network - Many organizations still allow end users to connect their mobile devices to their private WiFi network.  In almost all cases, this is a bad idea.  Mobile devices rarely need access to the private network; they typically just need access to the Internet.  Establish a separate WiFi network strictly for mobile devices, and grant this network access to the Internet ONLY.
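
One way to enforce the Internet-only rule on a Linux-based router or firewall, shown as an added example and not configuration from The Fulcrum Group. The interface names `wlan-mobile` and `wan0` are assumptions, and NAT and the rest of the ruleset are assumed to be configured elsewhere.

```nftables
#!/usr/sbin/nft -f
# Added example: overlay table that confines the mobile-device WiFi network
# to Internet access only. Both interface names are assumptions.
define MOBILE_IF = "wlan-mobile"   # bridge/VLAN behind the mobile-only SSID
define WAN_IF    = "wan0"          # uplink to the Internet

table inet mobile_isolation {
    chain forward {
        # Policy is accept so this table only adds restrictions; a drop here
        # is final even if another table would have accepted the packet.
        type filter hook forward priority 0; policy accept;

        # Mobile clients may only be routed out of the WAN uplink.
        iifname $MOBILE_IF oifname != $WAN_IF counter drop

        # Even via the uplink, never to private or link-local ranges
        # (covers a private LAN or modem admin page reachable upstream).
        iifname $MOBILE_IF ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 } counter drop
        iifname $MOBILE_IF ip6 daddr { fc00::/7, fe80::/10 } counter drop
    }

    chain input {
        # Traffic from mobile clients addressed to the router itself.
        type filter hook input priority 0; policy accept;

        iifname $MOBILE_IF ct state established,related accept
        # DHCP and DNS are the only router services mobile clients need.
        iifname $MOBILE_IF udp dport { 53, 67 } accept
        iifname $MOBILE_IF tcp dport 53 accept
        # IPv6 neighbor discovery, needed if the SSID carries IPv6.
        iifname $MOBILE_IF icmpv6 type { nd-router-solicit, nd-neighbor-solicit, nd-neighbor-advert } accept
        # Everything else (SSH, web admin, file shares) is refused.
        iifname $MOBILE_IF counter drop
    }
}
```

The `counter` statements make blocked attempts visible in `nft list table inet mobile_isolation`, which helps confirm the segregation is working after deployment.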

If you're a small business owner, and you already have a firewall and anti-malware, check out our Fulcrum Group microsite for more security basics geared towards you.

For more technical details, click HERE.